Pwgen is a web-app that generates safe passwords.
To generate a password you enter your master password and a target, for instance the website you want to use the password for, and click on generate. Pwgen will then generate a safe password that you can use. This password is not stored, but can be generated again later if you enter the same master password and target again. This way you only have to remember your master password and still use different passwords for every website you use.
The generated password is shown in a special font so people looking at your screen can not see the generated password. After generating the password the selection will automatically be set to the password, so you only have to hit "Ctrl+C" to copy the password to your clipboard.
If you have an account you can use the "add" and "delete" buttons to add or remove targets to the list stored with your account. If you add a target it will show up as an option when you start typing the next time you login.
The password is generated by concatenating your master password with the target and taking a SHA-512 hash of the resulting string. The bytes of the hash are then used as indices for a list of allowed characters to create a password of the desired length. Unless the punctuation checkbox is on the allowed characters for a password are capital letters, lowercase letters and numbers. If the punctuation checkbox is on the following characters are added to the list: !#$%&'()*+,-./:;<=>?@[\\]^_{|}~
Pwgen makes use of the jsSHA library made by Brian Turek.
No, the accounts are only used to help you remember the targets for which you have generated a password and to verify your master password. If you have an account you can also use it to verify that the master password you entered is the same as at the time you created the account. This can be useful because if you make a typo when you generate a password for the first time you might not be able to generate the same password again. If you do not have an account it is therefore recommended to use the second "master password" field, this wil result in an error if the two passwords are not the same.
The server keeps a list of users, a hash of their passwords and the last login time for each user. Besides the users a list of targets is stored for each user.
Your master password is concatenated to your username and hashed using SHA-512 before being sent to the server, on the server salt is added and the password will be hashed again before being stored. Targets are stored in plain-text.
Besides that, every webserver keeps an access log. This log contains your IP address and the time at which you requested the page from the server.
There also is an offline version of this password generator, which can be downloaded here. The script requires python3 to run. Because it uses tkinter for its graphical user interface and the tkinter library is not included in the default python package on ubuntu (and presumably other linuxes), you may need to install the python3-tk and tk-tile packages using your favorite package manager before you can use it.